Format: 1.8 Date: Fri, 18 Jun 2021 07:06:22 -0400 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg Architecture: ppc64el Version: 2.4.29-1ubuntu4.16 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.29-1ubuntu4.16) bionic-security; urgency=medium . * SECURITY UPDATE: stack overflow via Digest nonce in mod_auth_digest - debian/patches/CVE-2020-35452.patch: fast validation of the nonce's base64 to fail early if the format can't match anyway in modules/aaa/mod_auth_digest.c. - CVE-2020-35452 * SECURITY UPDATE: DoS via cookie header in mod_session - debian/patches/CVE-2021-26690.patch: save one apr_strtok() in session_identity_decode() in modules/session/mod_session.c. - CVE-2021-26690 * SECURITY UPDATE: heap overflow via SessionHeader - debian/patches/CVE-2021-26691.patch: account for the '&' in identity_concat() in modules/session/mod_session.c. - CVE-2021-26691 * SECURITY UPDATE: Unexpected matching behavior with 'MergeSlashes OFF' - debian/patches/CVE-2021-30641.patch: change default behavior in server/request.c. - CVE-2021-30641 * This update does _not_ include the changes from 2.4.29-1ubuntu4.15 in bionic-proposed. Checksums-Sha1: 431efe11741f169aded486be742db277a991f73c 1095752 apache2-bin_2.4.29-1ubuntu4.16_ppc64el.deb 69e4e38b0778b5a73c937e1d786f9ca09849a2ca 4447780 apache2-dbg_2.4.29-1ubuntu4.16_ppc64el.deb 77256a1b8ecc51e0d8ae083482eb48b3030409db 177644 apache2-dev_2.4.29-1ubuntu4.16_ppc64el.deb a38445d23c6da5cbe53abc9a83ec322b897b1f21 2396 apache2-ssl-dev_2.4.29-1ubuntu4.16_ppc64el.deb a852633f94414b27d8c8181e14085f43192098d9 15176 apache2-suexec-custom_2.4.29-1ubuntu4.16_ppc64el.deb e32312862abd108e58a4c2b15a124df15fadf325 13636 apache2-suexec-pristine_2.4.29-1ubuntu4.16_ppc64el.deb baab6962ed8d6376da7ffd7e29abaadfaa6f7c2f 85100 apache2-utils_2.4.29-1ubuntu4.16_ppc64el.deb df46ed4b1408ed7536a8256f85f98b9b4f53f40f 10268 apache2_2.4.29-1ubuntu4.16_ppc64el.buildinfo 4ad7d9cc220bf1561a1845a2d7f7974a0f8df333 95104 apache2_2.4.29-1ubuntu4.16_ppc64el.deb Checksums-Sha256: bcbb1190b182183df4d2f1f424a871950116577960347d0f74f6013026c6786c 1095752 apache2-bin_2.4.29-1ubuntu4.16_ppc64el.deb dabfdb1af7d9866c32c9b6bf686fd8d128a8397590b83c6d1c918cc7a0ce3394 4447780 apache2-dbg_2.4.29-1ubuntu4.16_ppc64el.deb 91b26bb89870db2a355cc835198f5ef5ff8a2582f8e721a04839b4682851d3e8 177644 apache2-dev_2.4.29-1ubuntu4.16_ppc64el.deb cf708de76d00094e5e26ee6458c2638d85406c0401622a267702d8e6f52d5a15 2396 apache2-ssl-dev_2.4.29-1ubuntu4.16_ppc64el.deb 67799b100bf25b274e6d32502c6a39f9735f719f4216dbc5f080a9764e2857f2 15176 apache2-suexec-custom_2.4.29-1ubuntu4.16_ppc64el.deb a544004b76bee57c5ad02d500a11443e8a2c3cb3f031822c003e44e93e084a63 13636 apache2-suexec-pristine_2.4.29-1ubuntu4.16_ppc64el.deb 1c2d62846a5767353b97f60e432b20948333d48456be8e170cc9e32cde0a31ed 85100 apache2-utils_2.4.29-1ubuntu4.16_ppc64el.deb 7c9f8113838edb302ec20f6186d02de9597ca30331b6f7c6f6e42a563f1f4662 10268 apache2_2.4.29-1ubuntu4.16_ppc64el.buildinfo 2fac0571f19c4c21e9b68827d40551b7316ce0be8daf7ecc835d83a04e6a0063 95104 apache2_2.4.29-1ubuntu4.16_ppc64el.deb Files: 2f3795f3e0fd2e920b9a5a1c8a27a65e 1095752 httpd optional apache2-bin_2.4.29-1ubuntu4.16_ppc64el.deb c41951e9ac6c8bb61fe73456d9c55f85 4447780 debug optional apache2-dbg_2.4.29-1ubuntu4.16_ppc64el.deb 5143b301c200ea2607fa204622c490d8 177644 httpd optional apache2-dev_2.4.29-1ubuntu4.16_ppc64el.deb d2213202ae653f329b3649912a44dbed 2396 httpd optional apache2-ssl-dev_2.4.29-1ubuntu4.16_ppc64el.deb 6b17813d9d44044ef6eeeb8755fb2a39 15176 httpd optional apache2-suexec-custom_2.4.29-1ubuntu4.16_ppc64el.deb 426a718808f1d1762bf32383bc735f39 13636 httpd optional apache2-suexec-pristine_2.4.29-1ubuntu4.16_ppc64el.deb cafb667ba412c3b25c627b3bfcdf5d1d 85100 httpd optional apache2-utils_2.4.29-1ubuntu4.16_ppc64el.deb fea131b26d09235a7c53c0409c329015 10268 httpd optional apache2_2.4.29-1ubuntu4.16_ppc64el.buildinfo 2ac00c7132015a9a10159c6239c14c98 95104 httpd optional apache2_2.4.29-1ubuntu4.16_ppc64el.deb Original-Maintainer: Debian Apache Maintainers